Amendments to the Claims: 

Revise the claims as set forth below. This listing of claims will replace all prior versions and 
listings, of claims in the application: 

Listing of Claims: 

1 . (Currently amended) A method for protection of computer assets from unauthorized 
access comprisin g th e st e ps of : 

receiving in a protection engine, an interface control command; 

determining whether the interface control command introduces a security risk; 

when the interface control command introduces a security risk, determining a state of a 

switch; 

when the state of the switch is a protected state, inhibiting execution of the interface 
control command; and 

when the state of the switch is an unprotected state, allowing execution of the interface 
control command. 

2. (Currently amended) The method of claim 1 wherein th e s t e p of inhibiting execution of 
the interface control command further includes the st e p of : 



providing an indication that the execution of the interface control command was 
inhibited. 

3. (Currently amended) The method of claim 1 further comprisin g th e st e p of : 
changing the state of the switch to the protected state when a timeout duration has 

elapsed. 

4. (Currently amended) The method of claim 1 further comprisin g th e st e ps of : 
determining when the execution of the interface control command has been completed; 

and 
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when the execution of the interface control command has been completed, changing the 
state of the switch to the protected state. 

5. (Currently amended) The method of claim 1 wherein the st e p of determining the state of 
a switch includes the st e p of : 

determining the state of an electrical switch (physical switch). 

6. (Currently amended) The method of claim 1 wherein th e st e p of determining the state of 
a switch includes th e st e p of : 

determining the state of a software-based switch. 

7. (Currently amended) The method of claim 6 wherein th e st e p of determining the state of 
the software-based switch includes the st e p of : 

using cryptographic techniques to determine the state of the software-based switch. 

8. (Currently amended) The method of claim 1 wherein th e st e p of allowing execution of 
the interface control command further comprises th e st e p of : 

allowing data to be written to a hard disk drive. 

9. (Currently amended) The method of claim 8 wherein the st e p of allowing data to be 
written to a hard disk drive comprises th e st e p of : 

allowing data to be written to a boot sector of the hard disk drive. 

1 0. (Currently amended) The method of claim 8 wherein the st e p of allowing data to be 
written to a hard disk drive comprises th e st e p of : 

allowing data to be written to a file allocation table of the hard disk drive. 

1 1 . (Currently amended) The method of claim 1 wherein th e st e p of allowing execution of 
the interface control command further comprises th e st e p of : 

allowing data to be written to a floppy disk drive. 
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12. (Currently amended) The method of claim 1 wherein th e s t e p of allowing execution of 
the interface control command further comprises th e st e p of : 

allowing data to be written to a BIOS memory. 

13. (Currently amended) The method of claim 1 wherein th e st e p of allowing execution of 
the interface control command further comprises th e st e p of : 

allowing data to be written to a parallel port. 

14. (Currently amended) The method of claim 1 wherein th e st e p of allowing execution of 
the interface control command further comprises th e st e p of : 

allowing data to be written to a serial port. 

1 5. (Currently amended) The method of claim 14 wherein the st e p of allowing data to be 
written to a serial port further comprises th e step of : 

allowing data to be written to a universal serial bus (USB). 

16. (Currently amended) The method of claim 14 wherein th e s t e p of allowing data to be 
written to a serial port further comprises th e step of : 

allowing data to be written to an IEEE-1394 interface. 

1 7. (Currently amended) The method of claim 1 3 wherein th e st e p of allowing execution of 
the interface control command further comprises the st e p of : 

allowing data to be written to a flash memory device. 

18. (Currently amended) The method of claim 1 3 wherein the s tep of allowing execution of 
the interface control command further comprises th e st e p of : 

allowing data to be written to a thermal management controller. 

19. (Currently amended) The method of claim 1 wherein the step of determining whether the 
interface control command introduces a security risk comprises- th e st e p of : 
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determining whether the interface control command is a hard disk drive formatting 
command. 

20. (Currently amended) The method of claim 19 wherein th e st e p of determining whether 
the interface control command is the hard disk drive formatting command further comprises4he 
st e p of : 

determining whether the interface control command is a boot sector write command. 

2 1 . (Currently amended) The method of claim 1 wherein th e step of determining whether the 
interface control command introduces a security risk comprises th e st e p of : 

determining whether the interface control command is a program file write command. 

22. (Currently amended) The method of claim 21 wherein th e st e p of determining whether 
the interface control command is a program file write command further comprises th e st e ps of : 

obtaining a file extension from the interface control command; 
determining whether the file extension is an executable file extension. 

23. (Currently amended) The method of claim 22 wherein th e st e p of determining whether 
the file extension is an executable file extension further comprises th e st e p of : 

determining whether the file extension is one of an exe extension, a com extension, a bat 
extension, or a bin extension. 

24. (Currently amended) The method of claim 1 wherein th e st e p of determining whether the 
interface control command introduces a security risk comprises th e st e p of : 

determining whether the interface control command changes a file attribute, the file 
attribute enabling or disabling execution of a file corresponding to the file attribute. 

25. (Currently amended) The method of claim 1 wherein the st e p of determining whether the 
interface control command introduces a security risk comprises th e st e p of : 
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determining whether the interface control command disables a thermal management 
subsystem. 

26. (Currently amended) The method of claim 25 wherein th e st e p of determining whether 
the interface control command disables a thermal management subsystem comprises the st e p of : 

determining whether the interface control command disables a fan. 

27. (Currently amended) The method of claim 1 wherein th e step of determining whether the 
interface control command introduces a security risk comprises th e st e p of : 

determining whether the interface control command is a write command to write to a 
system firmware (BIOS). 

28. (Currently amended) The method of claim 1 wherein the step of determining whether the 
interface control command introduces a security risk comprises th e st e p of : 

determining whether the interface control command is a write command to write to a 
parallel port. 

29. (Currently amended) The method of claim 1 wherein th e st e p of determining whether the 
interface control command introduces a security risk comprises th e st e p of : 

determining whether the interface control command is a write command to write to a 
serial port. 

30. (Currently amended) The method of claim 29 wherein th e st e p of determining whether 
the interface control command interface control command is a write command to write to a serial 
port comprises th e st e p of : 

determining whether the interface control command is a write command to write to a 
universal serial bus (USB). 
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3 1 . (Currently amended) The method of claim 29 wherein th e stop of determining whether 
the interface control command is a write command to write to a serial port comprises th e st e p of : 

determining whether the interface control command is a write command to write to an 
IEEE-1394 interface. 

32. (Currently amended) The method of claim 1 wherein th e s tep of determining whether the 
interface control command introduces a security risk comprises th e st e p of : 

determining whether the interface control command is a write command to write to a 
flash memory device. 

33. (Currently Amended) A method for protection of computer assets from unauthorized 
access comprisin g the st e ps of : 

receiving in a protection engine in a south bridge , an interface control command; 

determining whether the interface control command introduces a security risk; 

when the interface control command introduces a security risk, determining whether a 
source of the interface control command is authentic; 

when the source of the interface control command is not authentic, inhibiting execution 
of the interface control command; and 

when the source of the interface control command is authentic, allowing execution of the 
interface control command. 

34. (Currently amended) The method of claim 33 wherein th e st e p of inhibiting execution of 
the interface control command further includes th e st e p of : 

providing an indication that the execution of the interface control command was 
inhibited. 
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35. (Currently amended) The method of claim 33 wherein th e st e p of allowing execution of 
the interface control command further comprises the st e p of : 

allowing data to be written to a hard disk drive. 

36. (Currently amended) The method of claim 35 wherein th e st e p of allowing data to be 
written to a hard disk drive comprises th e st e p of : 

allowing data to be written to a boot sector of the hard disk drive. 

37. (Currently amended) The method of claim 35 wherein th e s t e p of allowing data to be 
written to a hard disk drive comprises th e step of : 

allowing data to be written to a file allocation table of the hard disk drive. 

38. (Currently amended) The method of claim 33 wherein the st e p of allowing execution of 
the interface control command further comprises th e st e p of : 

allowing data to be written to a floppy disk drive. 

39. (Currently amended) The method of claim 33 wherein th e st e p of allowing execution of 
the interface control command further comprises th e s t e p of : 

allowing data to be written to a BIOS memory. 

40. (Currently amended) The method of claim 33 wherein th e st e p of allowing execution of 
the interface control command further comprises th e st e p of : 

allowing data to be written to a parallel port. 

41 . (Currently amended) The method of claim 33 wherein th e st e p of allowing execution of 
the interface control command further comprises th e st e p of : 

allowing data to be written to a serial port. 

42. (Currently amended) The method of claim 41 wherein th e st e p of allowing data to be 
written to a serial port further comprises th e st e p of : 
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allowing data to be written to a universal serial bus (USB). 

43. (Currently amended) The method of claim 41 wherein th e st e p of allowing data to be 
written to a serial port further comprises th e st e p of : 

allowing data to be written to an IEEE- 13 94 interface. 

44. (Currently amended) The method of claim 33 wherein th e st e p of allowing execution of 
the interface control command further comprises th e st e p of : 

allowing data to be written to a flash memory device. 

45. (Currently amended) The method of claim 33 wherein th e st e p of determining whether 
the interface control command introduces a security risk comprises th e st e p of : 

determining whether the interface control command is a hard disk drive formatting 
command. 

46. (Currently amended) The method of claim 45 wherein th e s t e p of determining whether 
the interface control command is the hard disk drive formatting command further comprises-the 
st e p of : 

determining whether the interface control command is a boot sector write command. 

47. (Currently amended) The method of claim 33 wherein the st e p of determining whether 
the interface control command introduces a security risk comprises th e step of : 

determining whether the interface control command is a program file write command. 

48. (Currently amended) The method of claim 47 wherein th e st e p of determining whether 
the interface control command is a program file write command further comprises th e st e ps of : 

obtaining a file extension from the interface control command; 
determining whether the file extension is an executable file extension. 
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49. (Currently amended) The method of claim 48 wherein th e st e p of determining whether 
the file extension is an executable file extension further comprises th e st e p of : 

determining whether the file extension is one of an exe extension, a com extension, a bat 
extension, or a bin extension. 

50. (Currently amended) The method of claim 33 wherein th e st e p of determining whether 
the interface control command introduces a security risk comprises th e s t e p of : 

determining whether the interface control command changes a file attribute, the file 
attribute enabling or disabling execution of a file corresponding to the file attribute. 

5 1 . (Currently amended) The method of claim 33 wherein th e st e p of determining whether 
the interface control command introduces a security risk comprises th e st e p of : 

determining whether the interface control command disables a thermal management 
subsystem. 

52. (Currently amended) The method of claim 51 wherein th e st e p of determining whether 
the interface control command disables a thermal management subsystem comprises th e st e p of : 

determining whether the interface control command disables a fan. 

53. (Currently amended) The method of claim 33 wherein th e st e p of determining whether 
the interface control command introduces a security risk comprises the step of : 

determining whether the interface control command is a write command to write to 
system firmware (BIOS). 

54. (Currently amended) The method of claim 33 wherein th e st e p of determining whether 
the interface control command introduces a security risk comprises th e st e p of : 

determining whether the interface control command is a write command to write to a 
parallel port. 
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55. (Currently amended) The method of claim 33 wherein th e st e p of determining whether 
the interface control command introduces a security risk comprises th e st e p of : 

determining whether the interface control command is a write command to write to a 
serial port. 

56. (Currently amended) The method of claim 55 wherein th e st e p of determining whether 
the interface control command is a write command to write to a serial port comprises th e st e p of : 

determining whether the interface control command is a write command to write to a 
universal serial bus (USB). 

57. (Currently amended) The method of claim 55 wherein th e st e p of determining whether 
the interface control command is a write command to write to a serial port comprises th e st e p of : 

determining whether the interface control command is a write command to write to an 
IEEE-1394 interface. 

58. (Currently amended) The method of claim 33 wherein the st e p of determining whether 
the interface control command introduces a security risk comprises th e step of : 

determining whether the interface control command is a write command to write to a 
flash memory device. 

59. (Currently amended) The method of claim 33 wherein th e st e p of determining whether 
the source of the interface control command is authentic comprises the st e p of : 

issuing a challenge to the source of the interface control command; 
receiving a response from the source of the interface control command; and 
determining whether the response is valid. 

60. (Currently amended) The method of claim 59 wherein the st e p of determining whether 
the response is valid comprises th e st e p of : 
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comparing the response to a mathematical function of a value accessible only to the 
protection engine and to an operating system. 

61 . (Currently amended) The method of claim 60 farther comprisin g th e st e p of : 

writing the value from a processor to a one-time-writable register in the protection engine 
(by an operating system) during a boot process (before application software is enabled). 

62. (Currently amended) The method of claim 59 wherein th e st e p of determining whether 
the response is valid comprises th e st e p of : 

performing a mathematical operation on the challenge to produce a correct response 
value; and 

comparing the response to the correct response value. 

63. (Currently amended) The method of claim 59 wherein th e st e p of issuing the challenge to 
the source of the interface control command includes th e st e p of : 



obtaining a pseudorandom value; and 

forming the challenge based on the pseudorandom value. 
64. (Currently Amended) Apparatus for protection of computer assets from unauthorized 
access comprising: 

an interface controller operatively coupled to receive an interface control command to 
control an interface device; 

a switch selectable between a protected state and an unprotected state; 

a protection engine operatively coupled to the interface controller to receive the interface 
control command and operatively coupled to the switch to detect whether the e l e ctrical switch is 
in the protected state or the unprotected state to determine whether the interface control 
command poses a security risk and to selectively inhibit or allow execution of the interface 
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control command by the interface controller depending on whether or not the interface control 
command poses the security risk and depending on whether the switch is in the protected state or 
the unprotected state. 

65. (Original) The apparatus of claim 64 further comprising: 

a timer operatively coupled to the switch to reset the switch to the protected state after a 
period of time has elapsed. 

66. (Original) The apparatus of claim 64 further comprising: 

an interface control command execution completion sensor operatively coupled to the 
switch to reset the switch to the protected state after an execution of the interface control 
command has been completed. 

67. (Currently Amended) Apparatus for protection of computer assets from unauthorized 
access comprising: 

a south bridfie comprising: 

an interface controller operatively coupled to receive an interface control 
command to control an interface device; and 

a protection engine operatively coupled to the interface controller for preventing 
unauthorized access to the interface device and operatively coupled to receive the 
interface control command to determine whether a source of the interface control 
command is authentic and to selectively allow or inhibit execution of the interface control 
command by the interface controller depending on whether or not the source of the 
interface control command is authentic. 
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68. (Original) The apparatus of claim 67 further comprising: 

a one-time-writable register operatively coupled to the protection engine to store a value 
used to determine whether the source of the interface control command is authentic. 

69. (Original) The apparatus of claim 68 wherein the value is accessible only to the 
protection engine and to an operating system. 

70. (Currently amended) A method for protection of computer assets from unauthorized 
access comprisin g th e st e p s of : 

receiving in a protection engine, an interface control command; 

determining whether the interface control command introduces a security risk determined 
from at least one of: a type of interface control command, an area of memory affected by the 
interface control command, a device affected by the interface control command, data associated 
with the interface control command, an operand associated with the interface control command, 
and a relationship of the interface control command to another interface control command; 

when the interface control command introduces a security risk, determining a state of a 

switch; 

when the state of the switch is a protected state, inhibiting execution of the interface 
control command; and 

when the state of the switch is an unprotected state, allowing execution of the interface 
control command. 

71 . (Currently amended) The method of claim 70 including: 
physically changing the state of a hardware switch by a user; 

wherein th e st e p of determining the state of a switch includes th e st e p of determining the 
state of the hardware switch. 
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72. (Previously Presented) The method of claim 71 including performing at least one of: 
inhibiting data to be written to and allowing data to be written to a hard disk drive in response to 
determining the state of the hardware switch. 

73. (Currently amended) The method of claim 70 including: 

setting at least one bit in at least one of: a register and memory to change the state of a 
software-based switch; wherein th e step of determining the state of a switch includes th e s t e p of : 
determining the state of the software-based switch. 
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